Mozilla detects insecure plugins for IE, Chrome, Safari

Updated Mozilla has introduced a service that checks plugins for the Internet Explorer, Chrome, Opera, and Safari browsers to make sure they don't contain known bugs or security vulnerabilities.

The page builds off a feature rolled out last year that checked only for out-of-date plugins for Firefox. At the moment, the service offers limited coverage for Internet Explorer extensions, but Mozilla says it plans to offer full coverage eventually.

"We believe that plugin safety is an issue for the web as a whole, so while our initial efforts focused on building a page that would work for Firefox users, the team has since expanded plugin check coverage to work with Safari 4, Chrome 4, and Opera 10.5," Johnathan Nightingale, Mozilla's Director of Firefox Development, writes here.

The check is designed to gently nag people who are using out-of-date versions of Adobe Flash, Oracle's Java Virtual Machine, and many other types of software that work closely with standard web browsers. Indeed, in the weeks after Mozilla introduced a page that checked for for Flash, it caught more than half of Firefox installations running an insecure version Adobe's web animation software.

That figure has improved slightly since then, with "over 60% of the users we see on the plugin check" running the most recent version of Flash, Nightingale says. Older versions of Flash are regularly exploited in malware drive-by attacks, so it's still problematic that such a high percentage of users leave themselves vulnerable. But the proportion of up-to-date Flash installations for Firefox is better than figures Mozilla cited for the web as a whole.

In quick tests we ran on the service, we noticed a small discrepancy: While loading the page in Firefox, we received a message that version 11.5.6.606 of Adobe's Shockwave for Director was the most current, while the same page loaded into Opera and Safari indicated we should update to version 11.5.7.609. Mozilla, it would seem, is no better than the rest of us at us at navigating Adobe's confusing road to patch Nirvana.

Still, kinks such as that one will probably be straightened out soon enough. More important is that Mozilla is stepping up and offering sensible protections designed to lower the number of people running insecure apps. Which makes you wonder why a service like this wasn't offered long ago. ®

Update

As of Wednesday morning, Mozilla's plugin check for Firefox now detects Shockwave version 11.5.6.606 as out of date. But the overall thrust of our comment - that the service delivers inconsistent results depending on the browser - still holds true.

For instance, loading the page in Firefox, we get a message that QuickTime 7.6.6.0 is up to date. Loading it in Opera or Safari, QuickTime 7.6.6.0 is displayed, but it is accompanied by the text "Unable to Detect Plugin Version."

At least two Reg readers say in the comments section they are having problems as well. Again, this is a great service, but it doesn't appear to be fully functional yet.